EU-US Privacy Shield

  2. 5 days ago

    Derk J

    Aug 14 Pre-Release Testers, Xojo Pro

    @Michel B Thomas, you should stop taking those pills...

    Your level of paranoia is exceeding legal limits :D

    EU General Data Protection regulation NEVER placed the IP address as personal information.
    https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

    Wikipedia is not telling you everything:
    https://gdpr-info.eu/issues/personal-data/

    The IP address is personal data under some circumstances.

  3. Norman P

    Aug 14 Pre-Release Testers, Xojo Pro great-white-software.com/blog

    @Derk J If they sell (or do business) in the EU they have to comply, not that I know if it has been tested in court but that’s the law as far as I know.

    whose law ? the EU's ? good luck enforcing that on a US company with no international offices in the EU
    the US's ? have they even ratified this thing yet ?

    most of this thread is pointless - no one's a lawyer that I know of so can't even express a proper legal opinion
    and none of us is a judge in the US or EU courts where our opinion would actually matter
    it hasn't been tested in court at all
    and it's not clear Xojo has ANY intention of registering

    IF this is important to you and your business sign on to the feature request made way back to have xojo register etc and email geoff and tell him why

    and quit this debate that none of us is qualified to actually have an opinion on that actually would hold any legal water

  4. Derk J

    Aug 14 Pre-Release Testers, Xojo Pro
    Edited 5 days ago

    @Norman P whose law ? the EU's ? good luck enforcing that on a US company with no international offices in the EU
    the US's ? have they even ratified this thing yet ?

    most of this thread is pointless - no one's a lawyer that I know of so can't even express a proper legal opinion
    and none of us is a judge in the US or EU courts where our opinion would actually matter
    it hasn't been tested in court at all
    and it's not clear Xojo has ANY intention of registering

    IF this is important to you and your business sign on to the feature request made way back to have xojo register etc and email geoff and tell him why

    and quit this debate that none of us is qualified to actually have an opinion on that actually would hold any legal water

    The EU-US Privacy Shield is an agreement to apply EU law terms on US business and US law terms on EU business. If they do match the terms. So yes Xojo does sell to EU customers so these “laws” or “agreements” could apply to Xojo as well.

    I did and can buy from Xojo from within the EU so treaties and agreements between continents apply.

  5. Norman P

    Aug 14 Pre-Release Testers, Xojo Pro great-white-software.com/blog

    note Xojo's lack of response on this conversation

    @Norman P IF this is important to you and your business sign on to the feature request made way back to have xojo register etc and email geoff and tell him why

  6. Geoff P

    Aug 14 Xojo Inc Austin, Texas

    @Derk J Wikipedia is not telling you everything:
    https://gdpr-info.eu/issues/personal-data/

    I would not give too much credence to the link above given that it's coming from a consulting company and not from the EU GDPR regulations themselves.

    Xojo is fully in compliance with the EU GDPR. When we are contacted by a user in the EU wishing to have their data deleted, we do so based upon the requirements of the EU GDPR.

    As for IP addresses, an IP address is only personal data when it is combined with other information that identifies the person. Since we do not have that, as far as Xojo, Inc. is concerned, IP addresses are not personal information. That they can be combined with information from your internet provider (for example) to ultimately identify you makes your IP address perhaps personal information in the context of that provider but not in the context of its use with Xojo.

    It's just like your physical address. The address 1200 Westlake Drive, Austin Texas 78746 provides no information about the people who live there. It must be combined with other information (such as county property records) to obtain the names of the owners (personal information) although even that does not necessarily reveal the personal information of those that live there if the property has been rented.

  7. Geoff P

    Aug 14 Xojo Inc Austin, Texas
    Edited 5 days ago

    @Tomas J I'm amazed at this level of naivety.

    And by the way not a German Court, the ECJ itself judged. Here is the ECJ document.

    And of course IPs are personal data. These can be merged with other data in the simplest way and, together with the GeoIP positions, the time stamps and device information, result in an almost complete motion profile of a person.

    Tomas,

    If you read that case you will find that the reason the court of appeals considered the IP address personal data is because the plaintiff (Mr. Breyer) identified himself while visiting the websites that also stored his IP address. Because the two were combined, the IP address became personal data. And the issue was not that this happened but that they stored his IP address along with his name. They were told by the court to delete this data once he signed off the website.

    When the Xojo IDE contacts our servers, we check for new versions, log anonymous stats (if the user has enabled that) and get the latest license info (assuming the user is signed in) but the IP is NOT stored along with this data.

    For those users who are extra concerned about privacy, they can turn off all these options and download their license key file allowing them to use Xojo 100% offline. We have had users on research vessels in the Antarctic that have had to do this because their internet is not available all the time.

  8. Julian S

    Aug 14 Pre-Release Testers, Xojo Pro UK

    @Geoff P For those users who are extra concerned about privacy, they can turn off all these options and download their license key file allowing them to use Xojo 100% offline.

    I've found the option to disable update checks, but I can't seem to find the option to turn off the "call home on initial start" option that I guess checks the licence info, could you point me to the right place for that? Thanks

  9. Geoff P

    Aug 14 Xojo Inc Austin, Texas
    Edited 5 days ago

    @Julian S I've found the option to disable update checks, but I can't seem to find the option to turn off the "call home on initial start" option that I guess checks the licence info, could you point me to the right place for that? Thanks

    After disabling the update check, if you download your license key and then sign out of the IDE, you'll be offline. However, it will still try to download LR content, launch URL redirects if you click them, etc. None of that is in any way tied to you though. However, if you want to be entirely offline, you'd have to disconnect your internet.

  10. Michel B

    Aug 14 Pre-Release Testers, Xojo Pro RubberViews.com

    @Jim F ...and these terms are a MOVING TARGET. Michel, you are correct, the EUGDP didn't; but a German court determined that storing of a dynamic IP address + a date and time stamp DID constitute personal data (and here's the rub - and the moving target) because the court said - with the use of a third party (ie: the user's Internet Provider) that information could be used to obtain (even if you didn't actually take such action) the personal information of the user.

    No offense, but no wonder why Germany is lagging behind as far as Internet use.

    By design, most mobile apps routinely call home. An important number of apps created by members of this forum do as well, let alone to support new versions.

  11. Thom M

    Aug 14 Pre-Release Testers Greater Hartford Area, CT

    @Tomas J You want to do business in EU, you have to comply with our laws.

    Right, but they may not be doing business in the EU. When I was with Xojo, we did have agents in the EU, so in that case the laws would apply. To the best of my knowledge, that isn’t the case anymore. That’s important.

    If you visit a US website hosted on US servers and purchase from a US company, you are doing business in the US. Unless you believe US websites should subscribe to GeoIP data and block access from all users outside the US.

    Also, laws are only as effective as their enforcement. GDPR laws applying to US companies is currently dubious at best. Again, we’re talking about companies with no presence at all in the EU, not giants like Apple and Facebook that have offices all over. The EU can shake their fist and claim their laws apply to US companies all they want. The issue hasn’t been tested in court. I am not a lawyer, but I imagine it would have to be decided by the U.N. because neither country’s courts could be considered impartial. The only companies worth going through the effort for, already have some sort of presence in the EU, so they comply since they are required to. It’ll be an interesting day when an EU regulatory agency tries to impose a decision on a US-exclusive company.

    I’m all for privacy. GDPR has the right idea. But claiming jurisdiction over all companies in the world is laughable.

  12. James D

    Aug 14 Pre-Release Testers, Xojo Pro Europe (Switzerland)

    @Tomas J 19th October 2016 the ECJ

    @Tomas J James, your commentary does not help.

    On 19th October 2016 the ECJ came to the result that even dynamic IP address represents personal data.
    You are welcome to search for it yourself in your fav search engine.

    I am fully aware of that decision and if you go back and read what the decision actually says as opposed to what you think it says you will find that my comments are fully in line with that decision. IP addresses in and of themselves are not personal data except in circumstances where they can be used to identify a specific natural person and in almost all cases that is not possible unless you have additional information that enables you to do so such as a log on record for the time the address was in use and details of who was logged on.

    Now as far as I’m concerned we’re done.

  13. 4 days ago

    @Thom M That’s the point that doesn’t seem to be getting through. EU laws don’t apply to the US.

    No supremacy of EU law? There'll soon be a vacancy if you want to sign up for it ;)

  14. Michel B

    Aug 15 Pre-Release Testers, Xojo Pro RubberViews.com
    Edited 4 days ago

    Extra territorial jurisdiction is applicable only if a company has subsidiaries in the EU. It becomes possible to take action against the subsidiaries, to affect the entire company.

    That is how the EU slapped Microsoft with $1.35 back in 2008 for failure to respect sanctions.

    The other way around, Banque Nationale de Paris (BNP) was sentenced to five years probation by a U.S. judge back in 2015 in connection with a record $8.9 billion settlement resolving claims that it violated sanctions against Sudan, Cuba and Iran.

    It would not have been possible for the US to take action against BNP if it did not have a foot in the US.

    Even if some judge in some EU state wanted to take action against Xojo, if they have no subsidiary in the EU at all, there is simply no case.

    Frankly, all that tremor about some judge deciding that the IP address and time stamp are personal data is excessive, and just as laughable as that judge's technical ignorance.

  15. James D

    Aug 15 Pre-Release Testers, Xojo Pro Europe (Switzerland)

    @Michel B Frankly, all that tremor about some judge deciding that the IP address and time stamp are personal data is excessive, and just as laughable as that judge's technical ignorance.

    Except that is not what happened. First of all it was not just some judge, it was the initial opinion of a judge advocate of the ECJ and the ruling was not a generalization that IP addresses and time stamps are personal data in and of themselves.

  16. Alexander v

    Aug 15 Europe (Houten, The Netherland...

    @Steve W No supremacy of EU law? There'll soon be a vacancy if you want to sign up for it ;)

    To tell you a little secret: we in The Netherlands are totally fed up and tired with the EU and everything around it.

  17. Christian S

    Aug 15 Pre-Release Testers, Xojo Pro, XDC Speakers Germany

    The EU is not the problem. It's great to have a unified data protection law in contrast to 28 different laws here.
    And you can be sure that Dutch and German governments as well as your MEPs voted for this.

    The biggest problem is misinformed people, who do things in fear without knowing that there is no problem.

    To get back on topic, it may help to just look what data Xojo IDE transfers. Probably some request sent to web server?
    You could try to read data before sending and see what's included.

  18. Tomas J

    Aug 15 Pre-Release Testers, Xojo Pro Europe (Germany)
    Edited 4 days ago

    @Geoff P:

    Thank you for clarifying how Xojo handles data and what your intentions are. The problem is - even though we know each other here in this community and also got to know each other on a personal basis in Berlin a couple of years ago and even if I really appreciate you and fully trust your explanation - it will not work so to any larger company or authority in the EU using your software.

    All you said is good. So what's stopping you from this US EU Privacy Shield self-declaration?

  19. @Alexander van der Linden To tell you a little secret: we in The Netherlands are totally fed up and tired with the EU and everything around it.

    Here's an interesting talk on the "organised madness" of the EU (by a German economist) :)
